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Specification for SpamKapu 

Copyriglht CylberCom, Inc., 1999, aii rights reserved. 
Reproduction or copying off this material or its use in the 
creation of derivative works without the express permission 
of CylberCom, is a violation of federal law and may resylt in 

civil or criminal penalties. 

(a) Application transmittal form. 

(b) Fee transmittal form. 

(c) Title of the Invention. 

n SpamKapu " Software to eliminate unauthorized receipt of 
electronic mail (spam) 

(d) Cross Reference to related 'applications (iff any). 

Internet SMTP, POP3, and related standards 



(e) Statement of federally sponsored research/development (if 



any). 

none 

(f) Reference to a microfiche appendix (if any). 



none 

(g) Background of the Invention. 

Not sure here. 

(h) Brief Summary off the Invention. 

Most, if not all, of the current software to control spam is based 
on identifying lists of spam sources or senders and filtering email 
based on those lists. This technology is only as good as the 
identifying list and cannot guarantee that the user will not receive 
spam. Today's spam control software assumes all email is 
authorized an attempts to filter out unauthorized email. 

Because today’s spam filtering technologies are based on lists of 
known spam sources, it is impossible for them to filter email that 
comes from non-SPAMMERs that is still undesired by the user. 
For instance, one may have disclosed their email address at a 
Web site which now used by individuals that are sending email to 
the user. These individuals will never appear of spam lists 
because technically they are not spamming. 

SpamKapu based on the idea that all email is unauthorized and 
must be compared against an "authorized senders " list in order to 
be acceptable to the user. This filters not only spamming 
sources , but anv sender which the user deems as unauthorized. 
This creates an inherently powerful and 100% private email 

SpamKapu intelligently formulates the " authorized senders " list 
based on analysis of the user's email usage (such as sent email) 
and a gathering of key data such as their known contacts and 
associates. The authorized senders list may also be easily 
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manipulated by the user at any time to add or remove authorized 
senders. 

To summarize: SpamKapu effectively blocks 100% of 
unauthorized email to the user. It is based on the idea that if you 
did not send someone an email , they are not authorized to send 
you email. 

(i) Brief description of the several views of the drawing (if 
any). 

(j) Detailed Description of the Invention. 

SpamKapu is formed of several key modules and definitions: 
SUBSCRIBER: the person that using SpamKapu. 

FRIEND: an email-sending source that is authorized to send 
email to the SUBSCRIBER. 

SPAMMER: an email-sending source using manual or highly 
mechanized means to send one or more emails through the 
Internet that is not authorized to send email to the 
SUBSCRIBER. 

CONTACT: an email-sending source that is a human being 
attempting to reach the SUBSCRIBER for a legitimate cause. 
SUSPECT: an email sending source that has not yet been 
identified as either a SPAMMER or CONTACT. 

ASL Manager 

Software designed to populate the ASL from a variety 



of methods: 

Contact lists of the user indicating Friends. 
Continual analysis of sent mail logs which may 
expose additional Friends. 

Standard file formats (i.e. comma-delimited) which 
would allow subscribers to easily update their ASLs. 
Spam Processor (SP) 

Decides whether an email address is FRIEND, or 
SPAMMER by executing rules on the SPDB in 
conjunction with the ASL. 

Returns this result along with any message to 
include in the error response to the REDIRECTOR. 
Uses industry standard PERL programming syntax 
and incorporates as PERL interpreter to execute 



ruies. 

Spam Processing database (SPDB) of which a unique copy 
exists for each SUBSCRIBER, composed of several tables: 
Authorized sender list (ASL), containing 

An email address or matching pattern for an email address 
Default: exact match 
A specific email address 

john@company.com 
UNIX Standard wildcard matching 




* .microsoft.com i.e. anything from 
“Microsoft.com” 

*microsoft*: anything with microsoft in 
it 

*mil: any email from Ihe military 
Matching any known “blackhole list” by using a 
%BLACKHOLE% symbol. 

A conditional and parameters to execute if the match is true 
An action and parameters to perform if the conditional is 
true. 

A parameter used by the secondary action 
The last date the SUBSCRIBER sent email to this address 
The last date this address sent email to the SUBSCRIBER 
Date the record was created 

Example list of conditionals to be used by the SPAM 
PROCESSOR, e.g: 

expiration dates. 

A given address until 2/12/2004 
Date ranges 

A given address from 4/1/2004 to 5/2/2004 
Specific recurring times 

first week of every month but no other time. 

e.g newsletter@magazine.com 
acceptable during 1 st week of each 
month. 

A link to external software designed to allow for additional 
user-defined criteria 

This allows for 3 rd party applications. 

Example list of different secondary actions to take 

Send a given message in the error response. 

Send a given message as an email. 

Open a file and email its contents 

Open a file and send its contents as an error reponse. 

Set the sender’s status to SPAMMER or FRIEND 
Give SMTP default error message 
Link and execute external software designed to allow for 
additional user-defined actions 

This allows for 3 rd party applications. 

List of messages that may be invoked by a given 
secondary action 
Standard “error” 

Custom with variable substitution in the message body, e.g: 
%username% is substituted with the sender’s 
email address 

%subid% is the ID code of the subscriber 
%date% is today’s date 

“hello %usemame% you have been identified as spam, go to 
http://www.spamkapu.com/subscriber=%subid% and if 
you’re really human we’ll let you in. 
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Custom text; “All email addresses from America Online are 
unconditionally rejected” 

Authorized Sender mailbox (ASM) 

An electronic mailbox confirming to popular Internet 
standards (as of this writing, POP3 & IMAP4) that 
contains email sent from FRIENDS. 

SpamKapu email address (SKE) 

An Internet SMTP-complied email address provided 
by spamkapu that is unique to the SUBSCRIBER. 
Redirector 

Software that intercepts incoming email sent to the 
SKE, routes it’s sender’s email address to the SP for 
validation (FRIEND, or SPAMMER) 

If FRIEND, the email is directed to the ASM. 

If SPAMMER, the SPAMMER is given an error 
message similar to one if the user didn’t exist along 
with information on how to access the 
SUBSCRIBER’S WBM should further communication 

Web-base$ e messenger (WBM) 

A Web site that designed to determine if a SUSPECT 
is either a SPAMMER or a CONTACT. 

An online form would be presented to the SUSPECT 
to allow entry of the intended message to the 
SUBSCRIBER. 

This form would operate in such a way that only a 
human SUSPECT would be able to properly execute 
the form. 

A unique web page with a random word would be generated 
The SUSPECT would be prompted to enter the word. 

If the word matched, the form would be considered 
“operated by a human” and the SUSPECT is now deemed as 
a CONTACT 

If validated as a CONTACT, the message in the form 
along with the CONTACT’S email address would be 
sent as a special email to the SUBSCRIBER’S ASM. 
The subject line of the email would contain the word 
“contact:” so it could easily be filtered or be subject 
to special processing by an industry standard email 

ffte^UBSCRIBER would have the opportunity to 
read the email, knowing that at least it was sent by a 
CONTACT. 

ASL manager 

Software that intercepts all sent email from the 
SUBSCRIBER and copies the recipients along with 
other information into the ASL 
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The ASL manager may work on either a dynamic (as 
emails are sent) or batch (analyze logs or other data 
sources). 

The ASL works in conjunction with the UMM 
SMTP manager 

Software that provides a SUBSCRIBER with an SKE 
and interfaces with other Internet SMTP standard 
functions such as: 

Sending email FROM or TO the subscriber through the ASL 
manager. 

For example, the SMTP manager may interface with the 
subscribers "official" or known corporate address to 
eliminate spam sent to the corporate email system. 

User maintenance modules (UMM) 

A set of software utilities that allow the SUBSCRIBER 
to maintain personal settings and the ASL. Examples 
include: 

Default expiration settings. 

Bulk-loading of friends into the ASL 
Search/add/edit/delete ASL entries 
Handling of mail once sent to PSM (i.e. create a 
predefined response to the spammer) 

Outright rejection of email, disallowing it to even get 
to the PSM. 

Preview/Delete items from the PSM 
Other features of benefit to subscribers 
SpamKapu may be packaged in a variety of ways 

As an online service (i.e. Web site) that allows users to 
subscribe and realize the benefits of spam-free email services. 

As a server-side software package. By installing SpamKapu at 
the server level, any/all users with a valid account on the server 
can receive the benefits of spam-free email. This is an idea 
solution for ISPs and/or larger organizations with their own 
server resources. 

As a client-side software package. SpamKapu can install on 
popular email clients such as Outlook and provide near-identical 
functionality. This is an idea situation where the user's server 
does not have SpamKapu installed 
Operation of the invention 

As a server-side software package or online service 

SUBSCRIBERS are added to SpamKapu system. 

Each SUBSCRIBER is provided with a PSM, ASM, 
and UMM and an SKE. 

The SUBSCRIBER changes appropriate setting on 
their email software to accomplish the following: 

Use current Internet standards (currently POP3 or IMAP4) to 
retrieve mail from both the PSM and ASM 
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Redirect email sent to their current email address to their 
SKE instead OR set the email reply-to address to their SKE. 
Use the SMTP manager to handle the sending of all email. 

Any email sent to the SKE is processed by the 
redirector as described above. 

Any email sent by the SUBSCRIBER through the ASL 
manager (via the SMTP manager) and processed as 
described above. 

The user can retrieve email from the ASM at any time 
using Internet standards (currently POP3 or IMAP4). 
The user can retrieve email from the PSM at any time 
using Internet standards (currently POP3 or IMAP4) 
user other software that can delete, further filter, or 
altogether discard the contents. 

SUBSCRIBERS may interact with the UMM at any 
time. 

Use of SMTP-standard email error response codes as 
a matter of rejecting user-specific spam 

This is being used today, but only where a given email 
server is rejecting ALL email from a given NETWORK. 
This claim is against SPECIFIC email directed to a 
SUBSCRIBER that is identified to have originated from a A 
SPAMMER. 

As a client-side software package on an Outlook 98 or greater 
client. 

After installation, a folder labeled "PSM" will be 
created. 

Users may interact with the a client-side installation 
of the UMM at any time. 

ASM will be sent to the standard "inbox" folder and 
PSM will be sent to the "PSM" folder. 

Other operations are similar to the server-side 
package or online service described above. 

(k) Claim or claims. 

Any software which analyzes the user's personal email usage 
patterns to create an ASL or equivalent and in-turn uses this ASL 
to make decisions on how to process incoming email. 

Analysis of sent email and received to determine and refine the 
ASL. 

Analysis and rejection of SPAM at the lowest (earliest) possible 
level in the mail transmission protocol such that SPAMMERS 
receive error messages indicating the user doesn’t even exist. 
SUBSCRIBER never even processes or downloads email. 

Analysis of contact databases to determine and refine the ASL. 
Analysis of email logs (both sent and received) to determine and 
refine the ASL. 

Methods to only allow humans to access the WBM to send 
messages to the SUBSCRIBER. 
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Methods for 3 rd party software to interface with SPAMKAPU to 
broaden the scope and functionality of determining if email is 
SPAM or not, for example: 

Analysis against 3 rd party databases such as the Better 
Business Bureau 

Methods for 3 rd party software to interface with SPAMKAPU to 
broaden the scope and functionality of the various types of 
actions that can be taken on SPAM. 

Methods for 3 rd party software to interface with SPAMKAPU to 
broaden the scope and functionality of analyzing power 

(l) Abstract of the disclosure. 

(m) Drawings (if any). 

(n) Executed oath or declaration. 

(o) Sequence listing (if any). 

(p) Plant Color Coding Sheet (applicable in plant patent 
applications). 

Other 

dataflow of overall system 
server-based architecture of system 
client-based architecture of system 

list of other Ideas and uses of the system and variances to do the same thing (other than 
spamming) 

references to other technology used 
RFC 821 
SMTP email 
PERL 
Sendmail 

RealTime Blackhole List (www.maiFabuse.org) 






i whether or not to attempt to be 












Internet 






C 

O 



l 

E 



C 

C|1 CO 2 

□ £? I 
»2 II 
1 s 

« *. 
= r- *i o 
"Jr £ O 
Ul O -g o 

PP it 

sfel 

52 I 

i 1 

o. i 
co i 



.2 










SpamKapu" detailed operation WSf^TP Manager 













SparriKapu” detailed §ps?ati6ff ©PSMfP Receive Manager 

Confidential Information. 

This document is the property of CyberCom, Inc. and sent under attorney-client priviledge. 







SpamKapu" detailed operation of SPAM PROCESSOR 
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"SpamKapu" detailed operation of SPAM PROCESSOR DATABASE 



Confidential Information. 

This document is the property of CyberCom, Inc. and sent under attorney-client priviledge. 
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Using FROM email address 
supplied, loop through each 
line of the ASL until there is a 






Once there is a 
pattern match, 
execute the condition 
based on the code in 
this field 






<ai 






If the condition returns TRUE, 
execute the action based on 
the code in this field and exit. 
If condition returns FALSE, 
continue looping through 
each email pattern 





✓ 

tem| conditio 


Bet Condition 




& 

email pai 


ASL Tc 

action if true 


ble (example) 

Comment! 


mom@ot 


i.net : 


always! 




friend! 




this is my mom so she’s always a friend! 


sales@ac 


me.com 


activerar 

(2/5/200^ 

6/5/2004 


ge! 


friend 




I’m working with this businessperson only from 
Feb 5 to June 5 


iohnOho 


ne.com 


before 

(12/1/20C 


3) 


friend 




After 12/1/2003, 1 do not want messages from 
this address 


*®aol cnmi 


always 


email (SPAMMER, 
"noaol.txt'l 


email we get from aol gets send back with an 
explanation 




blackholeO 


emailtrnother (SPAMMER, 

blacklist.txt, 

abuse@%domain% 

%SENDER%, 

admin@spamkapu.com) 


run a 3rd party software, mark as a spammer, 
send a standard message to the system's 
administrator, and mark it as coming from 
spamkapu's administrator 




activerange 
f3/14/*. 3/20/*>l 


friend! 


my birthday falls on 3/17, so from 3/14 to 3/20, 
I'll let anyone pass through to wish me a 
happy birthday.! 




always 


errormsge(spammer, 
contact.txt, 550) 


mark as spammer, send the "you might be a 
contact" message, return "No such user" error t 
code 



Condition Table (example) 



condition! syntax! description codej 



always' 


always 


return true always! 


return(true)! 


activeranqe 


activerange (low | 
date, hiqh date)! 


true if today is within a ranqei 


if today >= %1 and today ] 
<=%2 then returnftrue)! 


runcode 


runcode(filename) 


runs long and lengthy code 
program 


exec(file.pl) 


blackhole 


blackholeO 


3rd party software to check 
against a blackhole list 


exec(blackhole.exe) 


before 


before(date) 


true if today is less than date 


if today <= %1 then 
return(true) 



Action Table (example) 

action id! syntax! description! 



email 


emaiKident, file) 


return parml as identifier, get 2nd parameter as a 
filename, translate and email it. 


errormsq 


errormsge(ident, file, 
errorcode)! 


return parml as identifier, get 2nd parameter as a 
filename, translate and return it as the error code 1 


external 


exec(file)l 


execute 2nd parameter as an external 3rd party 
software package and return its result as the i 


emailrtn 


emailtrnother (ident, 
filename, to, from) 


return parml as identifier, get 2nd parameter as 
filename of message text, send it as an email to 4th 
parameter, and use 3rd parameter as FROM 


friend! 


returnfSPAMMER) 


return value as FRIEND, no oarms needed! * — 


spammer! 


return(SPAMMER) 


return value as SPAMMER, no parms needed! 







"SpamKapu" detailed operation of ASL Manager 
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The ASL Manager also 
runs tasks on a 
scheduled basis for 
analysis and 
maintenance functions. 
This allows a very rich 
examination of the 
SUBSCRIBERS ASL 
database and mail log to 
continually refine the 
database accuracy and 
relevance. 



The system's 
architecture allows for 
easy integration of 3rd 
party solutions so that 
SpamKapu can harness 
the collective power of 
the industry to 
continually extend and 
improve its feature set 



The ultimate resort of this 
architecture is to create 
a very richly detailed 
ASL database which 
goes beyond total 
elimination of spam by 
continually reflecting the 
current needs of the 
SUSSCRIBER dynamic 
use of email 





„ "SpamKapu" detailed operation of REDIRECTOR 



Typical operation of SMTP "send email" process 



Sender-SMTP ^ | Receiver-SMTP 




Typically, the standard 
confirmation performed is simply 
based on whether or not the 
user exists or whether or not 
the SMTP receiver has the 
authority to prooess email for 
this user. There very little to no 
other logic performed. 



At this stage, users are going to 
get this email in their standard 
inbox. 
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